Binary coded decimal encoding

Writing a Wireshark dissector plugin in C++. The protocol I'm trying to parse uses the uncommon packed binary-coded-decimal format for all of its integers.

Normally, when I want to add an item of length length at offset offset, I write:

proto_tree_add_item(body, fields.foo, tvb, offset, length, ENC_LITTLE_ENDIAN);
proto_tree_add_item(body, fields.foo, tvb, offset, length, ENC_NA); // big-endian int
proto_tree_add_item(body, fields.foo, tvb, offset, length, ENC_ASCII); // string

... etc. I also need to register the field array with:

proto_register_field_array(handle, field_array, array_length(field_array));

... where the field_array is an array of hf_register_info, like this:

static hf_register_info field_array[] = {
    // name, abbrev, type, display, strings, bitmask, blurb, HFILL
    { &fields.foo, { "Foo Field", "protocol.foo", FT_UINT48, BASE_DEC, NULL, 0x0, NULL, HFILL } },
    // etc. other fields
};

... supposing my example is a 6-byte packed BCD (capable of holding 12 decimal digits).

This all works nicely when I'm parsing sensible protocols that send uint32, ASCII, int64, etc., over the wire. But there appears to be no built-in Wireshark encoding for packed BCDs.

I can see a hacky work-around to parse it as raw data, and then write a function to translate the raw data into the correct value (or use something like tvb_bcd_dig_to_wmem_packet_str), and then use proto_item_set_text to set the item to my desired representation.

Is there a better way?
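
The translation step the question describes, as an added example that is not part of the original post or of Wireshark: a stand-alone decoder that turns packed BCD bytes into an integer and rejects malformed input instead of displaying a wrong value. The helper name, the status codes and the digit order (most significant byte first, nibble order selectable) are assumptions; in a dissector the decoded value could then be added with proto_tree_add_uint64.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Status codes of this added, hypothetical helper (not Wireshark API). */
enum bcd_status { BCD_OK = 0, BCD_BAD_DIGIT = -1, BCD_BAD_LENGTH = -2 };

/*
 * Decode len bytes of packed BCD into *out.
 * Assumption: most significant byte first; within a byte the high nibble
 * is the earlier digit unless low_nibble_first is non-zero.
 * Rejects nibbles 0xA-0xF and lengths whose digits might not fit in 64 bits.
 */
int bcd_decode_u64(const uint8_t *buf, size_t len, int low_nibble_first,
                   uint64_t *out)
{
    uint64_t value = 0;
    size_t i;

    /* 9 bytes = 18 digits, which always fits in a uint64_t. */
    if (buf == NULL || out == NULL || len == 0 || len > 9)
        return BCD_BAD_LENGTH;

    for (i = 0; i < len; i++) {
        uint8_t hi = buf[i] >> 4;
        uint8_t lo = buf[i] & 0x0F;

        if (hi > 9 || lo > 9)
            return BCD_BAD_DIGIT; /* not a decimal digit: malformed field */

        if (low_nibble_first)
            value = value * 100 + (uint64_t)lo * 10 + hi;
        else
            value = value * 100 + (uint64_t)hi * 10 + lo;
    }
    *out = value;
    return BCD_OK;
}

int main(void)
{
    /* Constructed sample: a 6-byte field holding 12 digits. */
    const uint8_t sample[6] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0x12 };
    uint64_t v = 0;

    if (bcd_decode_u64(sample, sizeof sample, 0, &v) == BCD_OK)
        printf("%llu\n", (unsigned long long)v);
    return 0;
}
```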
